
Enhancing security of cookie-based sessions in mobile networks using sparse caching

  • Regular Contribution
  • International Journal of Information Security

Abstract

The exponential growth in the use of mobile phones and tablets to gain wireless access to the Internet has been accompanied by a similar growth in cyber attacks over wireless links to steal session cookies and compromise private users’ accounts. The popular one-way hash chain authentication technique in its conventional format is not optimal for mobile phones and other handheld devices due to its high computational overhead. In this paper, we propose and evaluate the use of sparse caching techniques to reduce the overhead of one-way hash chain authentication. Sparse caching schemes with uniform spacing, non-uniform spacing and geometric spacing are designed and analyzed. A Weighted Overhead formula is used to obtain insight into the suitable cache size for different classes of mobile devices. Additionally, the scheme is evaluated from an energy consumption perspective. We show that sparse caching can also be effective in the case of uncertainty in the number of transactions per user session. Our extensive performance tests have shown the significant improvement achieved by the sparse caching schemes.
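The trade-off the abstract describes, as an added example that is not code from the paper: a generic Lamport-style one-way hash chain in which the client keeps only uniformly spaced links and re-hashes forward from the nearest one. The chain length, spacing values, seed and all class and function names are assumptions made for illustration; the paper's own spacing rules and Weighted Overhead formula are not on this page and are not reproduced.

```python
import hashlib

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

class SparseChain:
    """Client side: chain h^0(seed)..h^n(seed), caching every `spacing`-th link."""
    def __init__(self, seed: bytes, n: int, spacing: int):
        self.n = n
        self.hashes = 0            # per-transaction hash work (setup pass excluded)
        self.cache = {0: seed}     # the seed is always kept
        v = seed
        for i in range(1, n + 1):  # one setup pass builds the chain and the cache
            v = H(v)
            if i % spacing == 0 and i < n:
                self.cache[i] = v
        self.anchor = v            # h^n(seed), handed to the server at login

    def link(self, i: int) -> bytes:
        """Return h^i(seed), hashing forward from the nearest cached link <= i."""
        base = max(k for k in self.cache if k <= i)
        v = self.cache[base]
        for _ in range(i - base):
            v = H(v)
            self.hashes += 1
        return v

class Server:
    """Server side: stores only the last accepted link."""
    def __init__(self, anchor: bytes):
        self.last = anchor

    def verify(self, token: bytes) -> bool:
        if H(token) != self.last:  # wrong, stale or replayed token
            return False
        self.last = token          # each link is accepted exactly once
        return True

def run_session(n: int, spacing: int):
    """Run n transactions; transaction t reveals h^(n-t)(seed)."""
    chain = SparseChain(b"constructed-seed", n, spacing)  # constructed sample seed
    server = Server(chain.anchor)
    ok = all(server.verify(chain.link(n - t)) for t in range(1, n + 1))
    return ok, chain.hashes, len(chain.cache)

if __name__ == "__main__":
    for spacing in (100, 10):
        print(spacing, run_session(100, spacing))
```

With 100 transactions, caching only the seed costs 4950 client-side hashes over the session, while ten cached links cut that to 450.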



Corresponding author

Correspondence to Mostafa Bassiouni.

About this article

Cite this article

Alabrah, A., Cashion, J. & Bassiouni, M. Enhancing security of cookie-based sessions in mobile networks using sparse caching. Int. J. Inf. Secur. 13, 355–366 (2014). https://doi.org/10.1007/s10207-013-0223-8


  • DOI: https://doi.org/10.1007/s10207-013-0223-8
